Towards the end of 2017, there was a major shift in the malware scene. As cloud-based technologies became more popular, cybercrime gangs began targeting Docker and Kubernetes systems. Most of these attacks followed a very simple pattern where threat actors scanned for misconfigured systems that had admin interfaces exposed online in order to take over servers and deploy cryptocurrency-mining malware.
Over the past three years, these attacks have intensified, and new malware strains and threat actors targeting Docker (and Kubernetes) are now being discovered on a regular basis.
But despite the fact that malware attacks on Docker servers are now commonplace, many web developers and infrastructure engineers have not yet learned their lesson and are still misconfiguring Docker servers, leaving them exposed to attacks. The most common of these mistakes is leaving Docker remote administration API endpoints exposed online without authentication.
https://www.zdnet.com/article/docker-malware-is-now-common-so-devs-need-to-take-docker-security-seriously/
Experts Comments
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Linkedin Message
@Mark Bower, Senior Vice President, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"To thwart the variations of malware and attacks from misconfiguration or API exploitation, a data-centric approach is vital...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-docker-malware-is-now-common-devs-need-to-react-accordingly
Facebook Message
@Mark Bower, Senior Vice President, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"To thwart the variations of malware and attacks from misconfiguration or API exploitation, a data-centric approach is vital...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-docker-malware-is-now-common-devs-need-to-react-accordingly